2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/core_dispatch.h>
12 #include <openssl/evp.h>
13 #include <openssl/pem.h>
14 #include <openssl/rsa.h>
15 #include <openssl/x509.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include <openssl/param_build.h>
19 #include <openssl/encoder.h>
20 #include <openssl/decoder.h>
22 #include "internal/cryptlib.h" /* ossl_assert */
23 #include "crypto/pem.h" /* For PVK and "blob" PEM headers */
24 #include "crypto/evp.h" /* For evp_pkey_is_provided() */
26 #include "helpers/predefined_dhparams.h"
29 /* Extended test macros to allow passing file & line number */
30 #define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
31 #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
32 #define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n)
33 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
34 #define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b)
35 #define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b)
36 #define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b)
37 #define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b)
38 #define TEST_FL_true(a) test_true(file, line, #a, (a) != 0)
40 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
41 # define OPENSSL_NO_KEYPARAMS
45 static BN_CTX
*bnctx
= NULL
;
46 static OSSL_PARAM_BLD
*bld_prime_nc
= NULL
;
47 static OSSL_PARAM_BLD
*bld_prime
= NULL
;
48 static OSSL_PARAM
*ec_explicit_prime_params_nc
= NULL
;
49 static OSSL_PARAM
*ec_explicit_prime_params_explicit
= NULL
;
51 # ifndef OPENSSL_NO_EC2M
52 static OSSL_PARAM_BLD
*bld_tri_nc
= NULL
;
53 static OSSL_PARAM_BLD
*bld_tri
= NULL
;
54 static OSSL_PARAM
*ec_explicit_tri_params_nc
= NULL
;
55 static OSSL_PARAM
*ec_explicit_tri_params_explicit
= NULL
;
59 #ifndef OPENSSL_NO_KEYPARAMS
60 static EVP_PKEY
*make_template(const char *type
, OSSL_PARAM
*genparams
)
62 EVP_PKEY
*pkey
= NULL
;
63 EVP_PKEY_CTX
*ctx
= NULL
;
65 # ifndef OPENSSL_NO_DH
67 * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
68 * for testing only. Use a minimum key size of 2048 for security purposes.
70 if (strcmp(type
, "DH") == 0)
71 return get_dh512(NULL
);
72 if (strcmp(type
, "X9.42 DH") == 0)
73 return get_dhx512(NULL
);
77 * No real need to check the errors other than for the cascade
78 * effect. |pkey| will simply remain NULL if something goes wrong.
80 (void)((ctx
= EVP_PKEY_CTX_new_from_name(NULL
, type
, NULL
)) != NULL
81 && EVP_PKEY_paramgen_init(ctx
) > 0
83 || EVP_PKEY_CTX_set_params(ctx
, genparams
) > 0)
84 && EVP_PKEY_gen(ctx
, &pkey
) > 0);
85 EVP_PKEY_CTX_free(ctx
);
91 static EVP_PKEY
*make_key(const char *type
, EVP_PKEY
*template,
92 OSSL_PARAM
*genparams
)
94 EVP_PKEY
*pkey
= NULL
;
97 ? EVP_PKEY_CTX_new(template, NULL
)
98 : EVP_PKEY_CTX_new_from_name(NULL
, type
, NULL
);
101 * No real need to check the errors other than for the cascade
102 * effect. |pkey| will simply remain NULL if something goes wrong.
105 && EVP_PKEY_keygen_init(ctx
) > 0
106 && (genparams
== NULL
107 || EVP_PKEY_CTX_set_params(ctx
, genparams
) > 0)
108 && EVP_PKEY_keygen(ctx
, &pkey
) > 0);
109 EVP_PKEY_CTX_free(ctx
);
113 /* Main test driver */
115 typedef int (encoder
)(const char *file
, const int line
,
116 void **encoded
, long *encoded_len
,
117 void *object
, int selection
,
118 const char *output_type
, const char *output_structure
,
119 const char *pass
, const char *pcipher
);
120 typedef int (decoder
)(const char *file
, const int line
,
121 void **object
, void *encoded
, long encoded_len
,
122 const char *input_type
, const char *structure_type
,
123 const char *keytype
, int selection
, const char *pass
);
124 typedef int (tester
)(const char *file
, const int line
,
125 const void *data1
, size_t data1_len
,
126 const void *data2
, size_t data2_len
);
127 typedef int (checker
)(const char *file
, const int line
,
128 const char *type
, const void *data
, size_t data_len
);
129 typedef void (dumper
)(const char *label
, const void *data
, size_t data_len
);
131 #define FLAG_DECODE_WITH_TYPE 0x0001
133 static int test_encode_decode(const char *file
, const int line
,
134 const char *type
, EVP_PKEY
*pkey
,
135 int selection
, const char *output_type
,
136 const char *output_structure
,
137 const char *pass
, const char *pcipher
,
138 encoder
*encode_cb
, decoder
*decode_cb
,
139 tester
*test_cb
, checker
*check_cb
,
140 dumper
*dump_cb
, int flags
)
142 void *encoded
= NULL
;
143 long encoded_len
= 0;
144 EVP_PKEY
*pkey2
= NULL
;
145 void *encoded2
= NULL
;
146 long encoded2_len
= 0;
150 * Encode |pkey|, decode the result into |pkey2|, and finish off by
151 * encoding |pkey2| as well. That last encoding is for checking and
154 if (!TEST_true(encode_cb(file
, line
, &encoded
, &encoded_len
, pkey
, selection
,
155 output_type
, output_structure
, pass
, pcipher
))
156 || !TEST_true(check_cb(file
, line
, type
, encoded
, encoded_len
))
157 || !TEST_true(decode_cb(file
, line
, (void **)&pkey2
, encoded
, encoded_len
,
158 output_type
, output_structure
,
159 (flags
& FLAG_DECODE_WITH_TYPE
? type
: NULL
),
161 || !TEST_true(encode_cb(file
, line
, &encoded2
, &encoded2_len
, pkey2
, selection
,
162 output_type
, output_structure
, pass
, pcipher
)))
165 if (selection
== OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
) {
166 if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey
, pkey2
), 1))
169 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
174 * Double check the encoding, but only for unprotected keys,
175 * as protected keys have a random component, which makes the output
178 if ((pass
== NULL
&& pcipher
== NULL
)
179 && !test_cb(file
, line
, encoded
, encoded_len
, encoded2
, encoded2_len
))
185 if (encoded
!= NULL
&& encoded_len
!= 0)
186 dump_cb("|pkey| encoded", encoded
, encoded_len
);
187 if (encoded2
!= NULL
&& encoded2_len
!= 0)
188 dump_cb("|pkey2| encoded", encoded2
, encoded2_len
);
191 OPENSSL_free(encoded
);
192 OPENSSL_free(encoded2
);
193 EVP_PKEY_free(pkey2
);
197 /* Encoding and decoding methods */
199 static int encode_EVP_PKEY_prov(const char *file
, const int line
,
200 void **encoded
, long *encoded_len
,
201 void *object
, int selection
,
202 const char *output_type
,
203 const char *output_structure
,
204 const char *pass
, const char *pcipher
)
206 EVP_PKEY
*pkey
= object
;
207 OSSL_ENCODER_CTX
*ectx
= NULL
;
209 BUF_MEM
*mem_buf
= NULL
;
210 const unsigned char *upass
= (const unsigned char *)pass
;
213 if (!TEST_FL_ptr(ectx
= OSSL_ENCODER_CTX_new_for_pkey(pkey
, selection
,
217 || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx
), 0)
219 && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx
, upass
,
222 && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx
, pcipher
, NULL
)))
223 || !TEST_FL_ptr(mem_ser
= BIO_new(BIO_s_mem()))
224 || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx
, mem_ser
))
225 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser
, &mem_buf
) > 0)
226 || !TEST_FL_ptr(*encoded
= mem_buf
->data
)
227 || !TEST_FL_long_gt(*encoded_len
= mem_buf
->length
, 0))
230 /* Detach the encoded output */
231 mem_buf
->data
= NULL
;
236 OSSL_ENCODER_CTX_free(ectx
);
240 static int decode_EVP_PKEY_prov(const char *file
, const int line
,
241 void **object
, void *encoded
, long encoded_len
,
242 const char *input_type
,
243 const char *structure_type
,
244 const char *keytype
, int selection
,
247 EVP_PKEY
*pkey
= NULL
, *testpkey
= NULL
;
248 OSSL_DECODER_CTX
*dctx
= NULL
;
249 BIO
*encoded_bio
= NULL
;
250 const unsigned char *upass
= (const unsigned char *)pass
;
255 if (strcmp(input_type
, "DER") == 0)
260 if (!TEST_FL_ptr(encoded_bio
= BIO_new_mem_buf(encoded
, encoded_len
)))
264 * We attempt the decode 3 times. The first time we provide the expected
265 * starting input type. The second time we provide NULL for the starting
266 * type. The third time we provide a bad starting input type.
267 * The bad starting input type should fail. The other two should succeed
268 * and produce the same result.
270 for (i
= 0; i
< 3; i
++) {
271 const char *testtype
= (i
== 0) ? input_type
272 : ((i
== 1) ? NULL
: badtype
);
274 if (!TEST_FL_ptr(dctx
= OSSL_DECODER_CTX_new_for_pkey(&testpkey
,
281 && !OSSL_DECODER_CTX_set_passphrase(dctx
, upass
, strlen(pass
)))
282 || !TEST_FL_int_gt(BIO_reset(encoded_bio
), 0)
283 /* We expect to fail when using a bad input type */
284 || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx
, encoded_bio
),
287 OSSL_DECODER_CTX_free(dctx
);
294 if (selection
== OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
) {
295 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey
, testpkey
), 1))
298 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey
, testpkey
), 1))
309 EVP_PKEY_free(testpkey
);
310 BIO_free(encoded_bio
);
311 OSSL_DECODER_CTX_free(dctx
);
315 static int encode_EVP_PKEY_legacy_PEM(const char *file
, const int line
,
316 void **encoded
, long *encoded_len
,
317 void *object
, ossl_unused
int selection
,
318 ossl_unused
const char *output_type
,
319 ossl_unused
const char *output_structure
,
320 const char *pass
, const char *pcipher
)
322 EVP_PKEY
*pkey
= object
;
323 EVP_CIPHER
*cipher
= NULL
;
325 BUF_MEM
*mem_buf
= NULL
;
326 const unsigned char *upass
= (const unsigned char *)pass
;
330 if (pcipher
!= NULL
&& pass
!= NULL
) {
331 passlen
= strlen(pass
);
332 if (!TEST_FL_ptr(cipher
= EVP_CIPHER_fetch(NULL
, pcipher
, NULL
)))
335 if (!TEST_FL_ptr(mem_ser
= BIO_new(BIO_s_mem()))
336 || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser
, pkey
,
340 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser
, &mem_buf
) > 0)
341 || !TEST_FL_ptr(*encoded
= mem_buf
->data
)
342 || !TEST_FL_long_gt(*encoded_len
= mem_buf
->length
, 0))
345 /* Detach the encoded output */
346 mem_buf
->data
= NULL
;
351 EVP_CIPHER_free(cipher
);
355 static int encode_EVP_PKEY_MSBLOB(const char *file
, const int line
,
356 void **encoded
, long *encoded_len
,
357 void *object
, int selection
,
358 ossl_unused
const char *output_type
,
359 ossl_unused
const char *output_structure
,
360 ossl_unused
const char *pass
,
361 ossl_unused
const char *pcipher
)
363 EVP_PKEY
*pkey
= object
;
365 BUF_MEM
*mem_buf
= NULL
;
368 if (!TEST_FL_ptr(mem_ser
= BIO_new(BIO_s_mem())))
371 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
372 if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser
, pkey
), 0))
375 if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser
, pkey
), 0))
379 if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser
, &mem_buf
) > 0)
380 || !TEST_FL_ptr(*encoded
= mem_buf
->data
)
381 || !TEST_FL_long_gt(*encoded_len
= mem_buf
->length
, 0))
384 /* Detach the encoded output */
385 mem_buf
->data
= NULL
;
393 static pem_password_cb pass_pw
;
394 static int pass_pw(char *buf
, int size
, int rwflag
, void *userdata
)
396 OPENSSL_strlcpy(buf
, userdata
, size
);
397 return strlen(userdata
);
400 static int encode_EVP_PKEY_PVK(const char *file
, const int line
,
401 void **encoded
, long *encoded_len
,
402 void *object
, int selection
,
403 ossl_unused
const char *output_type
,
404 ossl_unused
const char *output_structure
,
406 ossl_unused
const char *pcipher
)
408 EVP_PKEY
*pkey
= object
;
410 BUF_MEM
*mem_buf
= NULL
;
411 int enc
= (pass
!= NULL
);
414 if (!TEST_FL_true(ossl_assert((selection
415 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0))
416 || !TEST_FL_ptr(mem_ser
= BIO_new(BIO_s_mem()))
417 || !TEST_FL_int_ge(i2b_PVK_bio(mem_ser
, pkey
, enc
,
418 pass_pw
, (void *)pass
), 0)
419 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser
, &mem_buf
) > 0)
420 || !TEST_FL_ptr(*encoded
= mem_buf
->data
)
421 || !TEST_FL_long_gt(*encoded_len
= mem_buf
->length
, 0))
424 /* Detach the encoded output */
425 mem_buf
->data
= NULL
;
433 static int test_text(const char *file
, const int line
,
434 const void *data1
, size_t data1_len
,
435 const void *data2
, size_t data2_len
)
437 return TEST_FL_strn2_eq(data1
, data1_len
, data2
, data2_len
);
440 static int test_mem(const char *file
, const int line
,
441 const void *data1
, size_t data1_len
,
442 const void *data2
, size_t data2_len
)
444 return TEST_FL_mem_eq(data1
, data1_len
, data2
, data2_len
);
447 /* Test cases and their dumpers / checkers */
449 static void collect_name(const char *name
, void *arg
)
451 char **namelist
= arg
;
455 space
= strlen(name
);
456 if (*namelist
!= NULL
)
457 space
+= strlen(*namelist
) + 2 /* for comma and space */;
458 space
++; /* for terminating null byte */
460 new_namelist
= OPENSSL_realloc(*namelist
, space
);
461 if (new_namelist
== NULL
)
463 if (*namelist
!= NULL
) {
464 strcat(new_namelist
, ", ");
465 strcat(new_namelist
, name
);
467 strcpy(new_namelist
, name
);
469 *namelist
= new_namelist
;
472 static void dump_der(const char *label
, const void *data
, size_t data_len
)
474 test_output_memory(label
, data
, data_len
);
477 static void dump_pem(const char *label
, const void *data
, size_t data_len
)
479 test_output_string(label
, data
, data_len
- 1);
482 static int check_unprotected_PKCS8_DER(const char *file
, const int line
,
484 const void *data
, size_t data_len
)
486 const unsigned char *datap
= data
;
487 PKCS8_PRIV_KEY_INFO
*p8inf
=
488 d2i_PKCS8_PRIV_KEY_INFO(NULL
, &datap
, data_len
);
491 if (TEST_FL_ptr(p8inf
)) {
492 EVP_PKEY
*pkey
= EVP_PKCS82PKEY(p8inf
);
493 char *namelist
= NULL
;
495 if (TEST_FL_ptr(pkey
)) {
496 if (!(ok
= TEST_FL_true(EVP_PKEY_is_a(pkey
, type
)))) {
497 EVP_PKEY_typenames_do_all(pkey
, collect_name
, &namelist
);
498 if (namelist
!= NULL
)
499 TEST_note("%s isn't any of %s", type
, namelist
);
500 OPENSSL_free(namelist
);
502 ok
= ok
&& TEST_FL_true(evp_pkey_is_provided(pkey
));
506 PKCS8_PRIV_KEY_INFO_free(p8inf
);
510 static int test_unprotected_via_DER(const char *type
, EVP_PKEY
*key
)
512 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
513 OSSL_KEYMGMT_SELECT_KEYPAIR
514 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
515 "DER", "pkcs8", NULL
, NULL
,
516 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
517 test_mem
, check_unprotected_PKCS8_DER
,
521 static int check_unprotected_PKCS8_PEM(const char *file
, const int line
,
523 const void *data
, size_t data_len
)
525 static const char expected_pem_header
[] =
526 "-----BEGIN " PEM_STRING_PKCS8INF
"-----";
528 return TEST_FL_strn_eq(data
, expected_pem_header
,
529 sizeof(expected_pem_header
) - 1);
532 static int test_unprotected_via_PEM(const char *type
, EVP_PKEY
*key
)
534 return test_encode_decode(__FILE__
, __LINE__
, type
, key
, OSSL_KEYMGMT_SELECT_KEYPAIR
535 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
536 "PEM", "pkcs8", NULL
, NULL
,
537 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
538 test_text
, check_unprotected_PKCS8_PEM
,
542 #ifndef OPENSSL_NO_KEYPARAMS
543 static int check_params_DER(const char *file
, const int line
,
544 const char *type
, const void *data
, size_t data_len
)
546 const unsigned char *datap
= data
;
548 int itype
= NID_undef
;
549 EVP_PKEY
*pkey
= NULL
;
551 if (strcmp(type
, "DH") == 0)
553 else if (strcmp(type
, "X9.42 DH") == 0)
554 itype
= EVP_PKEY_DHX
;
555 else if (strcmp(type
, "DSA") == 0)
556 itype
= EVP_PKEY_DSA
;
557 else if (strcmp(type
, "EC") == 0)
560 if (itype
!= NID_undef
) {
561 pkey
= d2i_KeyParams(itype
, NULL
, &datap
, data_len
);
569 static int check_params_PEM(const char *file
, const int line
,
571 const void *data
, size_t data_len
)
573 static char expected_pem_header
[80];
576 TEST_FL_int_gt(BIO_snprintf(expected_pem_header
,
577 sizeof(expected_pem_header
),
578 "-----BEGIN %s PARAMETERS-----", type
), 0)
579 && TEST_FL_strn_eq(data
, expected_pem_header
, strlen(expected_pem_header
));
582 static int test_params_via_DER(const char *type
, EVP_PKEY
*key
)
584 return test_encode_decode(__FILE__
, __LINE__
, type
, key
, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
585 "DER", "type-specific", NULL
, NULL
,
586 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
587 test_mem
, check_params_DER
,
588 dump_der
, FLAG_DECODE_WITH_TYPE
);
591 static int test_params_via_PEM(const char *type
, EVP_PKEY
*key
)
593 return test_encode_decode(__FILE__
, __LINE__
, type
, key
, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
594 "PEM", "type-specific", NULL
, NULL
,
595 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
596 test_text
, check_params_PEM
,
599 #endif /* !OPENSSL_NO_KEYPARAMS */
601 static int check_unprotected_legacy_PEM(const char *file
, const int line
,
603 const void *data
, size_t data_len
)
605 static char expected_pem_header
[80];
608 TEST_FL_int_gt(BIO_snprintf(expected_pem_header
,
609 sizeof(expected_pem_header
),
610 "-----BEGIN %s PRIVATE KEY-----", type
), 0)
611 && TEST_FL_strn_eq(data
, expected_pem_header
, strlen(expected_pem_header
));
614 static int test_unprotected_via_legacy_PEM(const char *type
, EVP_PKEY
*key
)
616 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
617 OSSL_KEYMGMT_SELECT_KEYPAIR
618 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
619 "PEM", "type-specific", NULL
, NULL
,
620 encode_EVP_PKEY_legacy_PEM
, decode_EVP_PKEY_prov
,
621 test_text
, check_unprotected_legacy_PEM
,
625 static int check_MSBLOB(const char *file
, const int line
,
626 const char *type
, const void *data
, size_t data_len
)
628 const unsigned char *datap
= data
;
629 EVP_PKEY
*pkey
= b2i_PrivateKey(&datap
, data_len
);
630 int ok
= TEST_FL_ptr(pkey
);
636 static int test_unprotected_via_MSBLOB(const char *type
, EVP_PKEY
*key
)
638 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
639 OSSL_KEYMGMT_SELECT_KEYPAIR
640 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
641 "MSBLOB", NULL
, NULL
, NULL
,
642 encode_EVP_PKEY_MSBLOB
, decode_EVP_PKEY_prov
,
643 test_mem
, check_MSBLOB
,
647 static int check_PVK(const char *file
, const int line
,
648 const char *type
, const void *data
, size_t data_len
)
650 const unsigned char *in
= data
;
651 unsigned int saltlen
= 0, keylen
= 0;
652 int ok
= ossl_do_PVK_header(&in
, data_len
, 0, &saltlen
, &keylen
);
657 static int test_unprotected_via_PVK(const char *type
, EVP_PKEY
*key
)
659 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
660 OSSL_KEYMGMT_SELECT_KEYPAIR
661 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
662 "PVK", NULL
, NULL
, NULL
,
663 encode_EVP_PKEY_PVK
, decode_EVP_PKEY_prov
,
668 static const char *pass_cipher
= "AES-256-CBC";
669 static const char *pass
= "the holy handgrenade of antioch";
671 static int check_protected_PKCS8_DER(const char *file
, const int line
,
673 const void *data
, size_t data_len
)
675 const unsigned char *datap
= data
;
676 X509_SIG
*p8
= d2i_X509_SIG(NULL
, &datap
, data_len
);
677 int ok
= TEST_FL_ptr(p8
);
683 static int test_protected_via_DER(const char *type
, EVP_PKEY
*key
)
685 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
686 OSSL_KEYMGMT_SELECT_KEYPAIR
687 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
688 "DER", "pkcs8", pass
, pass_cipher
,
689 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
690 test_mem
, check_protected_PKCS8_DER
,
694 static int check_protected_PKCS8_PEM(const char *file
, const int line
,
696 const void *data
, size_t data_len
)
698 static const char expected_pem_header
[] =
699 "-----BEGIN " PEM_STRING_PKCS8
"-----";
701 return TEST_FL_strn_eq(data
, expected_pem_header
,
702 sizeof(expected_pem_header
) - 1);
705 static int test_protected_via_PEM(const char *type
, EVP_PKEY
*key
)
707 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
708 OSSL_KEYMGMT_SELECT_KEYPAIR
709 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
710 "PEM", "pkcs8", pass
, pass_cipher
,
711 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
712 test_text
, check_protected_PKCS8_PEM
,
716 static int check_protected_legacy_PEM(const char *file
, const int line
,
718 const void *data
, size_t data_len
)
720 static char expected_pem_header
[80];
723 TEST_FL_int_gt(BIO_snprintf(expected_pem_header
,
724 sizeof(expected_pem_header
),
725 "-----BEGIN %s PRIVATE KEY-----", type
), 0)
726 && TEST_FL_strn_eq(data
, expected_pem_header
, strlen(expected_pem_header
))
727 && TEST_FL_ptr(strstr(data
, "\nDEK-Info: "));
730 static int test_protected_via_legacy_PEM(const char *type
, EVP_PKEY
*key
)
732 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
733 OSSL_KEYMGMT_SELECT_KEYPAIR
734 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
735 "PEM", "type-specific", pass
, pass_cipher
,
736 encode_EVP_PKEY_legacy_PEM
, decode_EVP_PKEY_prov
,
737 test_text
, check_protected_legacy_PEM
,
741 #ifndef OPENSSL_NO_RC4
742 static int test_protected_via_PVK(const char *type
, EVP_PKEY
*key
)
744 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
745 OSSL_KEYMGMT_SELECT_KEYPAIR
746 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
747 "PVK", NULL
, pass
, NULL
,
748 encode_EVP_PKEY_PVK
, decode_EVP_PKEY_prov
,
749 test_mem
, check_PVK
, dump_der
, 0);
753 static int check_public_DER(const char *file
, const int line
,
754 const char *type
, const void *data
, size_t data_len
)
756 const unsigned char *datap
= data
;
757 EVP_PKEY
*pkey
= d2i_PUBKEY(NULL
, &datap
, data_len
);
758 int ok
= (TEST_FL_ptr(pkey
) && TEST_FL_true(EVP_PKEY_is_a(pkey
, type
)));
764 static int test_public_via_DER(const char *type
, EVP_PKEY
*key
)
766 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
767 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
768 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
769 "DER", "SubjectPublicKeyInfo", NULL
, NULL
,
770 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
771 test_mem
, check_public_DER
, dump_der
, 0);
774 static int check_public_PEM(const char *file
, const int line
,
775 const char *type
, const void *data
, size_t data_len
)
777 static const char expected_pem_header
[] =
778 "-----BEGIN " PEM_STRING_PUBLIC
"-----";
781 TEST_FL_strn_eq(data
, expected_pem_header
,
782 sizeof(expected_pem_header
) - 1);
785 static int test_public_via_PEM(const char *type
, EVP_PKEY
*key
)
787 return test_encode_decode(__FILE__
, __LINE__
, type
, key
,
788 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
789 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
790 "PEM", "SubjectPublicKeyInfo", NULL
, NULL
,
791 encode_EVP_PKEY_prov
, decode_EVP_PKEY_prov
,
792 test_text
, check_public_PEM
, dump_pem
, 0);
795 static int check_public_MSBLOB(const char *file
, const int line
,
797 const void *data
, size_t data_len
)
799 const unsigned char *datap
= data
;
800 EVP_PKEY
*pkey
= b2i_PublicKey(&datap
, data_len
);
801 int ok
= TEST_FL_ptr(pkey
);
807 static int test_public_via_MSBLOB(const char *type
, EVP_PKEY
*key
)
809 return test_encode_decode(__FILE__
, __LINE__
, type
, key
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
810 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
,
811 "MSBLOB", NULL
, NULL
, NULL
,
812 encode_EVP_PKEY_MSBLOB
, decode_EVP_PKEY_prov
,
813 test_mem
, check_public_MSBLOB
, dump_der
, 0);
816 #define KEYS(KEYTYPE) \
817 static EVP_PKEY *key_##KEYTYPE = NULL
818 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \
820 && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
821 #define FREE_KEYS(KEYTYPE) \
822 EVP_PKEY_free(key_##KEYTYPE); \
824 #define DOMAIN_KEYS(KEYTYPE) \
825 static EVP_PKEY *template_##KEYTYPE = NULL; \
826 static EVP_PKEY *key_##KEYTYPE = NULL
827 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \
829 && TEST_ptr(template_##KEYTYPE = \
830 make_template(KEYTYPEstr, params)) \
831 && TEST_ptr(key_##KEYTYPE = \
832 make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
833 #define FREE_DOMAIN_KEYS(KEYTYPE) \
834 EVP_PKEY_free(template_##KEYTYPE); \
835 EVP_PKEY_free(key_##KEYTYPE)
837 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
838 static int test_unprotected_##KEYTYPE##_via_DER(void) \
840 return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
842 static int test_unprotected_##KEYTYPE##_via_PEM(void) \
844 return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
846 static int test_protected_##KEYTYPE##_via_DER(void) \
848 return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
850 static int test_protected_##KEYTYPE##_via_PEM(void) \
852 return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
854 static int test_public_##KEYTYPE##_via_DER(void) \
856 return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
858 static int test_public_##KEYTYPE##_via_PEM(void) \
860 return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
863 #define ADD_TEST_SUITE(KEYTYPE) \
864 ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \
865 ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \
866 ADD_TEST(test_protected_##KEYTYPE##_via_DER); \
867 ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \
868 ADD_TEST(test_public_##KEYTYPE##_via_DER); \
869 ADD_TEST(test_public_##KEYTYPE##_via_PEM)
871 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \
872 static int test_params_##KEYTYPE##_via_DER(void) \
874 return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \
876 static int test_params_##KEYTYPE##_via_PEM(void) \
878 return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
881 #define ADD_TEST_SUITE_PARAMS(KEYTYPE) \
882 ADD_TEST(test_params_##KEYTYPE##_via_DER); \
883 ADD_TEST(test_params_##KEYTYPE##_via_PEM)
885 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \
886 static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \
889 test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
891 static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \
894 test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
897 #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
898 ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
899 ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
901 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
902 static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
904 return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
906 static int test_public_##KEYTYPE##_via_MSBLOB(void) \
908 return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
911 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
912 ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
913 ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
915 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
916 static int test_unprotected_##KEYTYPE##_via_PVK(void) \
918 return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
920 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
921 ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
922 #ifndef OPENSSL_NO_RC4
923 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
924 static int test_protected_##KEYTYPE##_via_PVK(void) \
926 return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
928 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \
929 ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
932 #ifndef OPENSSL_NO_DH
934 IMPLEMENT_TEST_SUITE(DH
, "DH")
935 IMPLEMENT_TEST_SUITE_PARAMS(DH
, "DH")
937 IMPLEMENT_TEST_SUITE(DHX
, "X9.42 DH")
938 IMPLEMENT_TEST_SUITE_PARAMS(DHX
, "X9.42 DH")
940 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
941 * so no legacy tests.
944 #ifndef OPENSSL_NO_DSA
946 IMPLEMENT_TEST_SUITE(DSA
, "DSA")
947 IMPLEMENT_TEST_SUITE_PARAMS(DSA
, "DSA")
948 IMPLEMENT_TEST_SUITE_LEGACY(DSA
, "DSA")
949 IMPLEMENT_TEST_SUITE_MSBLOB(DSA
, "DSA")
950 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA
, "DSA")
951 # ifndef OPENSSL_NO_RC4
952 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA
, "DSA")
955 #ifndef OPENSSL_NO_EC
957 IMPLEMENT_TEST_SUITE(EC
, "EC")
958 IMPLEMENT_TEST_SUITE_PARAMS(EC
, "EC")
959 IMPLEMENT_TEST_SUITE_LEGACY(EC
, "EC")
960 DOMAIN_KEYS(ECExplicitPrimeNamedCurve
);
961 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve
, "EC")
962 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve
, "EC")
963 DOMAIN_KEYS(ECExplicitPrime2G
);
964 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G
, "EC")
965 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G
, "EC")
966 # ifndef OPENSSL_NO_EC2M
967 DOMAIN_KEYS(ECExplicitTriNamedCurve
);
968 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve
, "EC")
969 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve
, "EC")
970 DOMAIN_KEYS(ECExplicitTri2G
);
971 IMPLEMENT_TEST_SUITE(ECExplicitTri2G
, "EC")
972 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G
, "EC")
975 IMPLEMENT_TEST_SUITE(ED25519
, "ED25519")
977 IMPLEMENT_TEST_SUITE(ED448
, "ED448")
979 IMPLEMENT_TEST_SUITE(X25519
, "X25519")
981 IMPLEMENT_TEST_SUITE(X448
, "X448")
983 * ED25519, ED448, X25519 and X448 have no support for
984 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
988 IMPLEMENT_TEST_SUITE(RSA
, "RSA")
989 IMPLEMENT_TEST_SUITE_LEGACY(RSA
, "RSA")
991 IMPLEMENT_TEST_SUITE(RSA_PSS
, "RSA-PSS")
993 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
994 * so no legacy tests.
996 IMPLEMENT_TEST_SUITE_MSBLOB(RSA
, "RSA")
997 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA
, "RSA")
998 #ifndef OPENSSL_NO_RC4
999 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA
, "RSA")
1002 #ifndef OPENSSL_NO_EC
1003 /* Explicit parameters that match a named curve */
1004 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD
*bld
,
1005 const unsigned char *gen
,
1008 BIGNUM
*a
, *b
, *prime
, *order
;
1010 /* Curve prime256v1 */
1011 static const unsigned char prime_data
[] = {
1012 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1013 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1014 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1015 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1018 static const unsigned char a_data
[] = {
1019 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1020 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1021 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1022 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1025 static const unsigned char b_data
[] = {
1026 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1027 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1028 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1029 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1031 static const unsigned char seed
[] = {
1032 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1033 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1034 0x81, 0x9f, 0x7e, 0x90
1036 static const unsigned char order_data
[] = {
1037 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1038 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1039 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1040 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1042 return TEST_ptr(a
= BN_CTX_get(bnctx
))
1043 && TEST_ptr(b
= BN_CTX_get(bnctx
))
1044 && TEST_ptr(prime
= BN_CTX_get(bnctx
))
1045 && TEST_ptr(order
= BN_CTX_get(bnctx
))
1046 && TEST_ptr(BN_bin2bn(prime_data
, sizeof(prime_data
), prime
))
1047 && TEST_ptr(BN_bin2bn(a_data
, sizeof(a_data
), a
))
1048 && TEST_ptr(BN_bin2bn(b_data
, sizeof(b_data
), b
))
1049 && TEST_ptr(BN_bin2bn(order_data
, sizeof(order_data
), order
))
1050 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1051 OSSL_PKEY_PARAM_EC_FIELD_TYPE
, SN_X9_62_prime_field
,
1053 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_P
, prime
))
1054 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_A
, a
))
1055 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_B
, b
))
1056 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
1057 OSSL_PKEY_PARAM_EC_ORDER
, order
))
1058 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1059 OSSL_PKEY_PARAM_EC_GENERATOR
, gen
, gen_len
))
1060 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1061 OSSL_PKEY_PARAM_EC_SEED
, seed
, sizeof(seed
)))
1062 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_COFACTOR
,
1066 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD
*bld
)
1068 static const unsigned char prime256v1_gen
[] = {
1070 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1071 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1072 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1073 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1074 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1075 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1076 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1077 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1079 return do_create_ec_explicit_prime_params(bld
, prime256v1_gen
,
1080 sizeof(prime256v1_gen
));
1083 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD
*bld
)
1086 static const unsigned char prime256v1_gen2
[] = {
1088 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1089 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1090 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1091 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1092 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1093 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1094 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1095 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1097 return do_create_ec_explicit_prime_params(bld
, prime256v1_gen2
,
1098 sizeof(prime256v1_gen2
));
1101 # ifndef OPENSSL_NO_EC2M
1102 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD
*bld
,
1103 const unsigned char *gen
,
1106 BIGNUM
*a
, *b
, *poly
, *order
, *cofactor
;
1107 /* sect233k1 characteristic-two-field tpBasis */
1108 static const unsigned char poly_data
[] = {
1109 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1110 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1111 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1113 static const unsigned char a_data
[] = {
1114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1115 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1116 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1118 static const unsigned char b_data
[] = {
1119 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1120 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1121 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1123 static const unsigned char order_data
[] = {
1124 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1125 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1126 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1128 static const unsigned char cofactor_data
[]= {
1131 return TEST_ptr(a
= BN_CTX_get(bnctx
))
1132 && TEST_ptr(b
= BN_CTX_get(bnctx
))
1133 && TEST_ptr(poly
= BN_CTX_get(bnctx
))
1134 && TEST_ptr(order
= BN_CTX_get(bnctx
))
1135 && TEST_ptr(cofactor
= BN_CTX_get(bnctx
))
1136 && TEST_ptr(BN_bin2bn(poly_data
, sizeof(poly_data
), poly
))
1137 && TEST_ptr(BN_bin2bn(a_data
, sizeof(a_data
), a
))
1138 && TEST_ptr(BN_bin2bn(b_data
, sizeof(b_data
), b
))
1139 && TEST_ptr(BN_bin2bn(order_data
, sizeof(order_data
), order
))
1140 && TEST_ptr(BN_bin2bn(cofactor_data
, sizeof(cofactor_data
), cofactor
))
1141 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1142 OSSL_PKEY_PARAM_EC_FIELD_TYPE
,
1143 SN_X9_62_characteristic_two_field
, 0))
1144 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_P
, poly
))
1145 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_A
, a
))
1146 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_B
, b
))
1147 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
1148 OSSL_PKEY_PARAM_EC_ORDER
, order
))
1149 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1150 OSSL_PKEY_PARAM_EC_GENERATOR
, gen
, gen_len
))
1151 && TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_EC_COFACTOR
,
1155 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD
*bld
)
1157 static const unsigned char gen
[] = {
1159 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1160 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1161 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1162 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1163 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1164 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1166 return do_create_ec_explicit_trinomial_params(bld
, gen
, sizeof(gen
));
1169 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD
*bld
)
1171 static const unsigned char gen2
[] = {
1173 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1174 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1175 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1176 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1177 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1178 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1180 return do_create_ec_explicit_trinomial_params(bld
, gen2
, sizeof(gen2
));
1182 # endif /* OPENSSL_NO_EC2M */
1183 #endif /* OPENSSL_NO_EC */
1185 int setup_tests(void)
1187 # ifndef OPENSSL_NO_RC4
1188 int use_legacy
= OSSL_PROVIDER_available(NULL
, "legacy");
1192 #ifndef OPENSSL_NO_DSA
1193 static size_t qbits
= 160; /* PVK only tolerates 160 Q bits */
1194 static size_t pbits
= 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1195 OSSL_PARAM DSA_params
[] = {
1196 OSSL_PARAM_size_t("pbits", &pbits
),
1197 OSSL_PARAM_size_t("qbits", &qbits
),
1202 #ifndef OPENSSL_NO_EC
1203 static char groupname
[] = "prime256v1";
1204 OSSL_PARAM EC_params
[] = {
1205 OSSL_PARAM_utf8_string("group", groupname
, sizeof(groupname
) - 1),
1210 /* 7 is the default magic number */
1211 static unsigned int rsapss_min_saltlen
= 7;
1212 OSSL_PARAM RSA_PSS_params
[] = {
1213 OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen
),
1217 #ifndef OPENSSL_NO_EC
1218 if (!TEST_ptr(bnctx
= BN_CTX_new_ex(NULL
))
1219 || !TEST_ptr(bld_prime_nc
= OSSL_PARAM_BLD_new())
1220 || !TEST_ptr(bld_prime
= OSSL_PARAM_BLD_new())
1221 || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc
)
1222 || !create_ec_explicit_prime_params(bld_prime
)
1223 || !TEST_ptr(ec_explicit_prime_params_nc
= OSSL_PARAM_BLD_to_param(bld_prime_nc
))
1224 || !TEST_ptr(ec_explicit_prime_params_explicit
= OSSL_PARAM_BLD_to_param(bld_prime
))
1225 # ifndef OPENSSL_NO_EC2M
1226 || !TEST_ptr(bld_tri_nc
= OSSL_PARAM_BLD_new())
1227 || !TEST_ptr(bld_tri
= OSSL_PARAM_BLD_new())
1228 || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc
)
1229 || !create_ec_explicit_trinomial_params(bld_tri
)
1230 || !TEST_ptr(ec_explicit_tri_params_nc
= OSSL_PARAM_BLD_to_param(bld_tri_nc
))
1231 || !TEST_ptr(ec_explicit_tri_params_explicit
= OSSL_PARAM_BLD_to_param(bld_tri
))
1237 TEST_info("Generating keys...");
1239 #ifndef OPENSSL_NO_DH
1240 MAKE_DOMAIN_KEYS(DH
, "DH", NULL
);
1241 MAKE_DOMAIN_KEYS(DHX
, "X9.42 DH", NULL
);
1242 TEST_info("Generating keys...DH done");
1244 #ifndef OPENSSL_NO_DSA
1245 MAKE_DOMAIN_KEYS(DSA
, "DSA", DSA_params
);
1246 TEST_info("Generating keys...DSA done");
1248 #ifndef OPENSSL_NO_EC
1249 MAKE_DOMAIN_KEYS(EC
, "EC", EC_params
);
1250 MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve
, "EC", ec_explicit_prime_params_nc
);
1251 MAKE_DOMAIN_KEYS(ECExplicitPrime2G
, "EC", ec_explicit_prime_params_explicit
);
1252 # ifndef OPENSSL_NO_EC2M
1253 MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve
, "EC", ec_explicit_tri_params_nc
);
1254 MAKE_DOMAIN_KEYS(ECExplicitTri2G
, "EC", ec_explicit_tri_params_explicit
);
1256 MAKE_KEYS(ED25519
, "ED25519", NULL
);
1257 MAKE_KEYS(ED448
, "ED448", NULL
);
1258 MAKE_KEYS(X25519
, "X25519", NULL
);
1259 MAKE_KEYS(X448
, "X448", NULL
);
1260 TEST_info("Generating keys...EC done");
1262 MAKE_KEYS(RSA
, "RSA", NULL
);
1263 TEST_info("Generating keys...RSA done");
1264 MAKE_KEYS(RSA_PSS
, "RSA-PSS", RSA_PSS_params
);
1265 TEST_info("Generating keys...RSA_PSS done");
1268 #ifndef OPENSSL_NO_DH
1270 ADD_TEST_SUITE_PARAMS(DH
);
1271 ADD_TEST_SUITE(DHX
);
1272 ADD_TEST_SUITE_PARAMS(DHX
);
1274 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1275 * so no legacy tests.
1278 #ifndef OPENSSL_NO_DSA
1279 ADD_TEST_SUITE(DSA
);
1280 ADD_TEST_SUITE_PARAMS(DSA
);
1281 ADD_TEST_SUITE_LEGACY(DSA
);
1282 ADD_TEST_SUITE_MSBLOB(DSA
);
1283 ADD_TEST_SUITE_UNPROTECTED_PVK(DSA
);
1284 # ifndef OPENSSL_NO_RC4
1286 ADD_TEST_SUITE_PROTECTED_PVK(DSA
);
1290 #ifndef OPENSSL_NO_EC
1292 ADD_TEST_SUITE_PARAMS(EC
);
1293 ADD_TEST_SUITE_LEGACY(EC
);
1294 ADD_TEST_SUITE(ECExplicitPrimeNamedCurve
);
1295 ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve
);
1296 ADD_TEST_SUITE(ECExplicitPrime2G
);
1297 ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G
);
1298 # ifndef OPENSSL_NO_EC2M
1299 ADD_TEST_SUITE(ECExplicitTriNamedCurve
);
1300 ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve
);
1301 ADD_TEST_SUITE(ECExplicitTri2G
);
1302 ADD_TEST_SUITE_LEGACY(ECExplicitTri2G
);
1304 ADD_TEST_SUITE(ED25519
);
1305 ADD_TEST_SUITE(ED448
);
1306 ADD_TEST_SUITE(X25519
);
1307 ADD_TEST_SUITE(X448
);
1309 * ED25519, ED448, X25519 and X448 have no support for
1310 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1313 ADD_TEST_SUITE(RSA
);
1314 ADD_TEST_SUITE_LEGACY(RSA
);
1315 ADD_TEST_SUITE(RSA_PSS
);
1317 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1318 * so no legacy tests.
1320 ADD_TEST_SUITE_MSBLOB(RSA
);
1321 ADD_TEST_SUITE_UNPROTECTED_PVK(RSA
);
1322 # ifndef OPENSSL_NO_RC4
1324 ADD_TEST_SUITE_PROTECTED_PVK(RSA
);
1332 void cleanup_tests(void)
1334 #ifndef OPENSSL_NO_EC
1335 OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc
);
1336 OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit
);
1337 OSSL_PARAM_BLD_free(bld_prime_nc
);
1338 OSSL_PARAM_BLD_free(bld_prime
);
1339 # ifndef OPENSSL_NO_EC2M
1340 OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc
);
1341 OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit
);
1342 OSSL_PARAM_BLD_free(bld_tri_nc
);
1343 OSSL_PARAM_BLD_free(bld_tri
);
1346 #endif /* OPENSSL_NO_EC */
1348 #ifndef OPENSSL_NO_DH
1349 FREE_DOMAIN_KEYS(DH
);
1350 FREE_DOMAIN_KEYS(DHX
);
1352 #ifndef OPENSSL_NO_DSA
1353 FREE_DOMAIN_KEYS(DSA
);
1355 #ifndef OPENSSL_NO_EC
1356 FREE_DOMAIN_KEYS(EC
);
1357 FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve
);
1358 FREE_DOMAIN_KEYS(ECExplicitPrime2G
);
1359 # ifndef OPENSSL_NO_EC2M
1360 FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve
);
1361 FREE_DOMAIN_KEYS(ECExplicitTri2G
);